Our Windows 2003 terminal server is running extremely slow today, so I checked task manager to see what is going on. lsass.exe is using as much free CPU as it can. The CPU Usage is staying at 100% because of this. Today is one of our slowest days, so I'm confused about why it is running so high. The only application the users are running is iexplore.exe, and the only other running services on the computer is Veritas Backupexec agents (other than the normal microsoft products). Other than a reboot, is there any way to fix this? Is there any troubleshooting tasks I can do to see what's going on?

2 Answers
2

You might consider running Process Explorer and looking at the threads in lsass.exe with high CPU utilization. If you've got something that's injected a DLL into the lsass.exe address-space you'll be able to see it there.

I'd echo dvogel's question about whether something / someone is attempting a brute-force password guessing attack, as well. What the network traffic moving and and out of the box (you do have "Network Monitor" installed, right?) and see if anything there looks uncharacteristic.